remove /proc/net read access from domain.te

SELinux domains wanting read access to /proc/net need to explicitly declare it. TODO: fixup the ListeningPortsTest cts test so that it's not broken. Bug: 9496886 Change-Id: Ia9f1214348ac4051542daa661d35950eb271b2e4
author: Nick Kralevich <nnk@google.com> 2015-01-14 14:12:14 -0800
committer: Nick Kralevich <nnk@google.com> 2015-01-14 22:18:24 +0000
commit: 99940d1af5719f1622fa2a17f8daf6cb21de3ad1 (patch)
tree: 2a9c86455c64d0e8452cb3379ddb4f43aca4ee12 /netd.te
parent: 4a89cdfa89448c8660308a31bfcb517fffaa239e (diff)
download: android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.gz
android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.bz2
android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/netd.te b/netd.te
index ce89421..611ec76 100644
--- a/netd.te
+++ b/netd.te
@@ -23,7 +23,8 @@ allow netd system_file:file x_file_perms;
 allow netd devpts:chr_file rw_file_perms;
 
 # For /proc/sys/net/ipv[46]/route/flush.
-allow netd proc_net:file write;
+allow netd proc_net:file rw_file_perms;
+allow netd proc_net:dir r_dir_perms;
 
 # For /sys/modules/bcmdhd/parameters/firmware_path
 # XXX Split into its own type.
author	Nick Kralevich <nnk@google.com>	2015-01-14 14:12:14 -0800
committer	Nick Kralevich <nnk@google.com>	2015-01-14 22:18:24 +0000
commit	99940d1af5719f1622fa2a17f8daf6cb21de3ad1 (patch)
tree	2a9c86455c64d0e8452cb3379ddb4f43aca4ee12 /netd.te
parent	4a89cdfa89448c8660308a31bfcb517fffaa239e (diff)
download	android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.gz android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.tar.bz2 android_external_sepolicy-99940d1af5719f1622fa2a17f8daf6cb21de3ad1.zip